ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1028 Commits
23 Branches
2.0 MiB
 
 
Tree: faf2f317a9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'faf2f317a9'
${ noResults }
kazoo-configs-kamailio/kamailio/sanity.cfg

74 lines
2.3 KiB
Raw Blame History

#!trydef SANITY_CHECK_USE_PORT 1
#!trydef SANITY_DROPS_REQUEST 1
#!trydef SANITY_DEFAULT_CHECK 17895
#!trydef SANITY_URI_CHECKS 7
#!trydef SANITY_TRACE_REQUEST 1
#!substdef "!SANITY_SUBST_CACHE_PERIOD!$def(SANITY_CACHE_PERIOD)!g"
######## SIP message formatting sanity checks [requires sl] ########
loadmodule "sanity.so"
modparam("sanity", "default_checks", SANITY_DEFAULT_CHECK)
modparam("sanity", "uri_checks", SANITY_URI_CHECKS)
modparam("sanity", "autodrop", 0)
modparam("sanity", "noreply", 1)
modparam("debugger", "mod_level", "sanity=-3")
kazoo.sanity_check_use_port = SANITY_CHECK_USE_PORT descr "should we keep track of ip and port for sanity failures"
kazoo.sanity_drops_request = SANITY_DROPS_REQUEST descr "should we drop the request or send error on sanity failure"
kazoo.sanity_trace_request = SANITY_TRACE_REQUEST descr "should we trace the request if sip trace role is enabled"
route[SANITY_CHECK]
{
## CVE-2018-14767
if($(hdr(To)[1]) != $null) {
xlog("second To header not null - dropping message");
drop;
}
$var(sanity_key) = "";
if($sel(cfg_get.kazoo.sanity_check_use_port) == 1) {
$var(sanity_key) = $_s("$si::$sp");
} else {
$var(sanity_key) = $_s("$si");
}
if (!sanity_check()) {
#!ifdef SIP_TRACE_ROLE
sip_trace();
#!endif
if($sel(cfg_get.kazoo.sanity_drops_request) == 1) {
xlog("L_WARN", "$ci|end|dropping insane message from $si:$sp\n");
drop;
} else {
xlog("L_WARN", "$ci|end|insane message from $si:$sp\n");
send_reply("400", "Bad Request");
exit;
}
}
if (!mf_process_maxfwd_header("10")) {
xlog("L_WARN", "$ci|end|too much hops, not enough barley from $si:$sp\n");
send_reply("483", "Too Many Hops");
exit;
}
if ($ua == "friendly-scanner" ||
$ua == "sundayddr" ||
$ua == "pplsip" ||
$ua =~ "NiceGuy" ||
$ua =~ "PortSIP" ||
$ua =~ "sipcli" ) {
xlog("L_WARN", "$ci|end|dropping message with user-agent $ua from $si:$sp\n");
drop;
}
if(sdp_get_line_startswith("$avp(sanity_sline)", "s=")) {
if ($avp(sanity_sline) == "s=portsip.com") {
xlog("L_WARN", "$ci|end|dropping message with '$avp(sanity_sline)' string in SDP\n");
exit;
}
}
}